Customer data protection, should banks own it?

With increasing risk of getting fraudulent calls, now customers must do verification of the caller to check whether they are calling from the #bank/credit card department. I just did it with one of the banks by asking a few questions related to my account. The lady had to face few tough questions. 😀

Few bank’s/credit card caller doesn’t have that facility and they will not tell you anything about your card/account to verify if they are genuine but will ask you all the sensitive information like DOB, mother’s name etc.

– Who should verify whom on the call?

– Should callers from the bank must also go through a verification process with customers while calling a customer?

– Have banks given that facility/system to their staffs to ensure customer safety while making outbound calls to confirm a transaction?

– Can there be an agreed question/code which a bank staff has to answer before proceeding with the call or asking any personal questions ? Can OLA like OTP system work?

– Is the onus to protect the account information lies only with customers? Please share your experience and thoughts…